Install Now
Find Easy Subscriptions on Shopify App Store
Trust Center · Updated June 2026

Your data is safe. We can prove it.

Every merchant, every subscriber, every transaction — protected by industry-leading privacy, security, and compliance standards.

99.9% Avg uptime
AES-256 Encryption standard
SOC 2 Type II certified
24/7 Incident response
Why Easy Subscription

Putting your privacy first

Our merchants and partners can trust that we value privacy and comply with GDPR, CCPA, and every standard that matters to your business. We believe privacy isn't a checkbox it's a commitment we embed into every product decision, every data pipeline, and every third-party integration.

Privacy Policy

Secure and responsible data practices — how we handle what's yours.


Privacy & AI

How we comply with AI regulations for global merchants and partners.


Cookie Policy

How we use cookies to improve your experience and personalise content.


Data Processing Agreement

Personal data handling in line with privacy laws and your requirements.


Security

Built secure from day one

Security isn't bolted on — it's woven into every layer of our platform, from infrastructure to every line of code.

Born in the cloud

Hosted on Google Cloud Platform (GCP) — independently verified against PCI DSS, SOC 2&3, and ISO 27000 standards with global redundancy.

Active bug bounty

We maintain an active bug bounty program and work with third-party organisations to continuously validate and harden our security controls.

Product security

Every feature ships through a rigorous security review cycle. Our framework integrates security best practices into each phase of software development.

Operational security

Automated intelligence and skilled reviewers working around the clock. Our operational procedures include:

24/7 incident handling MFA everywhere AES-256 at rest TLS in transit Patch management Secure backups
Analytics

Building security into everything we do

Security is central to our business. We use rigorous practices, processes, and tools to protect your data and continuously strengthen our platform.

Security overview
All system secure
In transit Data encrypted during transmission
TLS 1.3
At rest Data encrypted while stored
AES-256
Access Secure access with strong authentication
MFA+SSO
Monitoring Continous monitoring and threat detection
24/7 SOC
Availability & Uptime

Your store never sleeps. Neither do we.

Easy Subscriptions runs on Google Cloud Platform with a recovery strategy that leverages GCP's global infrastructure — designed so your subscription business stays online no matter what. We maintain clear Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) and publish real-time system performance to our public status page.

99.9%
Average uptime — last 90 days
Operational Partial Incident
1hr
Recovery Time
Objective (RTO)
15 min
Recovery Point
Objective (RPO)
Global
GCP multi-region
infrastructure
Real Time
Public status page
updates
Compliance

Certified. Audited. Accountable.

Beyond our hosting platform's compliance, Easy Subscriptions meets key industry standards at every layer — from payment security to data handling to accessibility.

We are PCI DSS certified and maintain a SOC 2 Type II report, independently verifying that our controls work as designed. We also take active steps to ensure our platform is usable by all individuals.

Need a copy of our SOC 2 report or compliance documentation? Request it below — we'll respond within one business day.

"We chose Easy Subscriptions because their compliance posture matched ours. PCI DSS, SOC 2, GDPR — everything we needed was already there."

— Head of Engineering, 7-figure DTC brand

PCI DSS

Payment Card Industry Data Security Standard — certified

SOC 2 Type II

Service Organization Control — independently verified

GDPR

EU General Data Protection Regulation — fully compliant

CCPA

California Consumer Privacy Act — compliant

ADA

Americans with Disabilities Act — accessibility reviewed

Frequently Asked Questions

Is my payment data safe with Easy Subscriptions?

Yes. We are PCI DSS certified, which means we meet the highest standard for payment card data security. Card data is encrypted at rest with AES-256 and in transit via TLS 1.3. We never store raw card numbers on our servers.

How do you handle a data breach?

We maintain 24/7 incident handling with defined escalation paths. In the event of a breach, we follow our incident response plan, notify affected parties as required by law, and publish a post-mortem to our status page.

Can I get a copy of your SOC 2 report?

Yes. Use the compliance document request form above and we'll send the SOC 2 Type II report within one business day. NDA may be required for some documentation.

Where is my data hosted?

All data is hosted on Google Cloud Platform (GCP), which complies with an independently verified set of standards including PCI DSS, SOC 2 & 3, and ISO 27000. We leverage GCP's global infrastructure for redundancy and resilience.

Are you GDPR and CCPA compliant?

Yes. We comply with both GDPR (EU) and CCPA (California). We provide Data Processing Agreements (DPAs) for merchants who require them, and we honor all data subject rights including access, deletion, and portability requests.

Do you have a bug bounty program?

Yes. We maintain an active bug bounty program and also contract with third-party security organisations to conduct regular penetration tests. If you discover a vulnerability, please report it via our responsible disclosure page.

star Subscription Audit
Scroll to Top